From a2401647ce5ea6326e8717c8bae702ce6101008b Mon Sep 17 00:00:00 2001
From: Viet Nguyen <3805254+vnugent@users.noreply.github.com>
Date: Sun, 17 Nov 2024 14:36:22 -0800
Subject: [PATCH] fix: api routes should be able to return non-200 status (#1228)

---
 src/app/api/mobile/login/route.ts | 19 ++++++++++++++-----
 src/app/api/mobile/refreshToken/route.ts | 6 +++---
 src/js/auth/withMobileAuth.ts | 4 ++--
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/app/api/mobile/login/route.ts b/src/app/api/mobile/login/route.ts
index a161187d1..c11de93cd 100644
--- a/src/app/api/mobile/login/route.ts
+++ b/src/app/api/mobile/login/route.ts
@@ -18,7 +18,7 @@ async function postHandler (request: NextRequest): Promise {
 throw new Error('Invalid payload')
 }
 } catch (error) {
- return NextResponse.json({ error: 'Unexpected error', status: 400 })
+ return NextResponse.json({ error: 'Unexpected error' }, { status: 400 })
 }
 
 let response: Auth0.JSONApiResponse | undefined
@@ -30,12 +30,21 @@ async function postHandler (request: NextRequest): Promise {
 audience: 'https://api.openbeta.io',
 realm: 'Username-Password-Authentication'
 })
-
- return NextResponse.json({ data: response.data })
+ return NextResponse.json({ ...response.data }, { status: response.status })
 } catch (error) {
- console.error('#### Auth0 error ####', error)
- return NextResponse.json({ error: 'Unexpected auth error', status: 403 })
+ return errorHandler(error)
 }
 }
 
 export const POST = withMobileAuth(postHandler)
+
+/**
+ * Handle Auth0 errors
+ */
+export const errorHandler = (error: any): NextResponse => {
+ console.error('#### Auth0 error ####', error)
+ if (error instanceof Auth0.AuthApiError) {
+ return NextResponse.json({ error: error?.error_description ?? '' }, { status: error?.statusCode ?? 401 })
+ }
+ return NextResponse.json({ error: 'Unexpected auth error' }, { status: 401 })
+}
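Review bot: `errorHandler` forwards Auth0's `error_description` and `statusCode` to the mobile client verbatim, where the previous catch block returned a fixed status with a generic message; on a password-login endpoint that exposes Auth0's wording for blocked accounts, rate limiting and similar conditions, so consider allow-listing what is forwarded, e.g. `const status = [400, 401, 403, 429].includes(error.statusCode) ? error.statusCode : 401` with the generic message for anything else. The parameter should be `error: unknown` rather than `any`, and after the `instanceof Auth0.AuthApiError` guard the `error?.` optional chaining is unnecessary. `console.error('#### Auth0 error ####', error)` logs the whole error object; whether that carries request details depends on what `AuthApiError` holds, which is not visible here, so logging `error.error` and `error.statusCode` explicitly would be the safer default. The TSDoc could state the contract, e.g. `/** Map an Auth0 failure to a JSON error response; the HTTP status mirrors Auth0's statusCode, 401 otherwise. */`. `postHandler` starts before this hunk.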
diff --git a/src/app/api/mobile/refreshToken/route.ts b/src/app/api/mobile/refreshToken/route.ts
index 898fd9101..7be0d9d81 100644
--- a/src/app/api/mobile/refreshToken/route.ts
+++ b/src/app/api/mobile/refreshToken/route.ts
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server'
 import * as Auth0 from 'auth0'
 import { auth0Client, isNullOrEmpty } from '@/js/auth/mobile'
 import { withMobileAuth } from '@/js/auth/withMobileAuth'
+import { errorHandler } from '../login/route'
 
 /**
 * Mobile refresh token handler
@@ -27,10 +28,9 @@ async function postHandler (request: NextRequest): Promise {
 audience: 'https://api.openbeta.io'
 })
 
- return NextResponse.json({ data: response.data })
+ return NextResponse.json({ ...response.data }, { status: response.status })
 } catch (error) {
- console.error('#### Auth0 error ####', error)
- return NextResponse.json({ error: 'Unexpected auth error', status: 403 })
+ return errorHandler(error)
 }
 }
 
diff --git a/src/js/auth/withMobileAuth.ts b/src/js/auth/withMobileAuth.ts
index 5e8f4144d..8c9e42763 100644
--- a/src/js/auth/withMobileAuth.ts
+++ b/src/js/auth/withMobileAuth.ts
@@ -11,12 +11,12 @@ type Next13ApiHandler = (req: NextRequest) => Promise
 export const withMobileAuth = (handler: Next13ApiHandler): Next13ApiHandler => {
 return async function (request: NextRequest) {
 if (request.method !== 'POST') {
- return NextResponse.json({ message: 'Must send POST request', status: 405 })
+ return NextResponse.json({ message: 'Must send POST request' }, { status: 405 })
 }
 const authHeader = request.headers.get('Secret')
 if (mobileAuthSecret != null && authHeader === mobileAuthSecret) {
 return await handler(request)
 }
- return NextResponse.json({ message: 'Unauthorized', status: 401 })
+ return NextResponse.json({ message: 'Unauthorized' }, { status: 401 })
 }
 }
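Review bot: `import { errorHandler } from '../login/route'` pulls a helper out of another endpoint's `route.ts`, which couples the two routes and depends on a non-handler export from a route module; as far as I recall, Next.js's app-router build type-check rejects route files that export anything besides the HTTP method handlers and the documented config fields, so this may break `next build` even though it type-checks in the editor. Moving `errorHandler` into `@/js/auth/mobile`, which both routes already import from, avoids that and keeps the routes independent: `import { auth0Client, errorHandler, isNullOrEmpty } from '@/js/auth/mobile'`.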
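Review bot: `NextResponse.json({ ...response.data }, { status: response.status })` changes the success body from `{ data: { ... } }` to a flat object, which breaks any mobile client already reading `data`, while the commit message only mentions the status code; either keep `{ data: response.data }` or call the new shape out in the description. The spread also forwards every field Auth0 returns (tokens included), so if the client needs only a subset an explicit pick would limit what crosses the boundary — hedged, as the client is not visible here. `postHandler`'s signature is in the hunk header but its body starts before this hunk.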
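Review bot: `authHeader === mobileAuthSecret` is a plain string comparison of the shared secret, and `mobileAuthSecret != null` admits an empty string, so if the secret is read from a present-but-empty environment variable (its definition sits above this hunk, so I cannot confirm) a request sending an empty `Secret` header would pass. A length-checked constant-time compare closes both gaps: `const expected = Buffer.from(mobileAuthSecret ?? ''); const given = Buffer.from(authHeader ?? '')` followed by `if (expected.length > 0 && expected.length === given.length && timingSafeEqual(expected, given))`, with `timingSafeEqual` imported from `node:crypto`. Whether a timing attack is practical over the network is debatable, but the empty-secret case is a real misconfiguration hazard. `withMobileAuth` lies entirely within this hunk.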